Secure communication between a gambas socket client and server
#1 (In Topic #2082)
Administrator
To solve this I experimented with setting up a secure communication between a socket client and a socket server using SSH.
SSH can do:
1. Authentication
2. Provide a secure tunnel
I asked some questions on the mailing list and got this idea back:
ssh -f <user>@machine2 -L 1000:127.0.0.1:2000 -N
This effectively creates a tunnel between two systems. So I tried this while having a network sniffer running to check the traffic.
The problem is that when the socket client connects to the server it knows what port to send the request to. But the server determines what port it answers to.
So I had to create the above tunnel AFTER the communication between client and server was started, because then, and NO SOONER, I knew the second port of communication to create the actual tunnel.
In the network sniffer I can see the SSH negotiations and the tunnel being set up. The socket client-server communication however doesn't use the tunnel and packets are still in plain text and seen by the network sniffer.
I suppose because their communication already started. I somehow need a way to set up a tunnel without knowing the ports the socket server will reply to. The server should return that port and somehow start using the SSH tunnel setup.
Any suggestions are very welcome…
Last edit: by gbWilly
gbWilly
- Gambas Dutch translator
- Gambas wiki content contributor
- Gambas debian/ubuntu package recipe contributor
- GambOS, a distro for learning Gambas and more…
- Gambas3 Debian/Ubuntu repositories
… there is always a Catch if things go wrong!
Posted
Regular

I'm not really sure about what you are trying to do.
When you start the Server side, you need to expose a Port if you want something to connect to it, so the exposed Port is known on the Server side.
On the Client side you then just have to specify the remote host + Port.
So the SSH Tunnel can be started before you start the Server side or not; it does not change the mechanism.
The SSH Tunnel needs to be started on the Client side; the Client points its communication to a local port (defined by you) and the local port is redirected into the SSH Tunnel to, at the end, reach the Server side + exposed Port.
After that, automatically, if the Server responds to the Client it will pass through the same SSH Tunnel.
Ex:
Client -> TCP Socket -> Local Port 1000 -> SSH Tunnel -> SSH communication -> Reach Server side -> Forward the communication to -> Server Side + Port Exposed
But in the case where you want the Server to initiate a communication to the Client side, you need another SSH Tunnel in the reverse direction.
Let me know if it makes sense for you.
Olivier
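The following is an added example, not from either post and not Gambas code: a small Python stand-in for the three pieces in Olivier's diagram (the Gambas ServerSocket, the Gambas client Socket, and the `ssh -L` listener). It runs entirely on 127.0.0.1 with OS-chosen port numbers so it can be executed offline, and it demonstrates the point both posts circle around: the only port that needs forwarding is the port the server listens on. The client's source port is picked by the client's own kernel, the server's reply travels back over the same TCP connection, and what the server actually sees as its peer is the tunnel endpoint (here the forwarder's outbound socket), never the client's ephemeral port. The function and variable names are my own, chosen for the illustration.

```python
"""Added example: a one-connection TCP forwarder that plays the role of
`ssh -L LOCAL:127.0.0.1:REMOTE`, plus a toy echo server and client, to show
why replies need no second tunnel. All names and sample data are constructed."""

import socket
import threading

HOST = "127.0.0.1"


def _pump(src, dst):
    """Relay bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_echo_server():
    """Stand-in for the Gambas ServerSocket: listen on an OS-chosen port,
    serve one connection and answer on that same connection, recording
    which peer port the server observed. Returns (port, seen, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    seen = {}

    def serve():
        conn, peer = srv.accept()
        srv.close()
        with conn:
            data = conn.recv(4096)
            seen["peer_port"] = peer[1]  # the tunnel's port, not the client's
            conn.sendall(b"echo from server, peer port %d: %s" % (peer[1], data))

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, seen, t


def start_forwarder(target_port):
    """Stand-in for `ssh -L`: listen locally, and for one accepted connection
    open our own connection to the server and relay bytes in both
    directions. Returns (local_port, info, thread)."""
    lsn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsn.bind((HOST, 0))
    lsn.listen(1)
    local_port = lsn.getsockname()[1]
    info = {}

    def relay():
        client_side, _ = lsn.accept()
        lsn.close()
        server_side = socket.create_connection((HOST, target_port))
        info["outbound_port"] = server_side.getsockname()[1]
        up = threading.Thread(target=_pump, args=(client_side, server_side), daemon=True)
        down = threading.Thread(target=_pump, args=(server_side, client_side), daemon=True)
        up.start()
        down.start()
        up.join()
        down.join()
        client_side.close()
        server_side.close()

    t = threading.Thread(target=relay, daemon=True)
    t.start()
    return local_port, info, t


def run_client(local_port, message):
    """Stand-in for the Gambas client Socket: it only ever talks to the
    forwarder's local port. Returns (reply, own_port, remote_port)."""
    with socket.create_connection((HOST, local_port)) as c:
        own_port = c.getsockname()[1]      # ephemeral, chosen by the kernel
        remote_port = c.getpeername()[1]   # the forwarder's listening port
        c.sendall(message)
        c.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            d = c.recv(4096)
            if not d:
                break
            chunks.append(d)
    return b"".join(chunks), own_port, remote_port


def demo(message=b"hello through the tunnel\n"):
    """Wire server, forwarder and client together and report the ports."""
    server_port, seen, srv_t = start_echo_server()
    local_port, info, fwd_t = start_forwarder(server_port)
    reply, client_port, remote_port = run_client(local_port, message)
    srv_t.join(5)
    fwd_t.join(5)
    return {
        "server_listen_port": server_port,   # the one port that must be forwarded
        "tunnel_local_port": local_port,
        "client_connected_to": remote_port,
        "client_ephemeral_port": client_port,
        "port_server_saw": seen["peer_port"],
        "tunnel_outbound_port": info["outbound_port"],
        "reply": reply,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it and compare `port_server_saw` with `tunnel_outbound_port`: they match, which is the tunnel endpoint, while `client_ephemeral_port` never appears on the server side at all. With real `ssh -L 1000:127.0.0.1:2000`, the same thing happens with sshd on machine2 playing the forwarder's part, so the tunnel can be set up before the client connects and the reply automatically comes back through it; a second, reverse tunnel (`ssh -R`) is only needed if the server itself opens a new connection toward the client.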